ICO fines Police Scotland over phone data disclosure
Regulatory/Legal Action
Summary
Hide ▲
Show ▼
The ICO fined Police Scotland £66,000 and reprimanded the force for a data protection failure that exposed a female officer’s phone contents to a colleague she accused of rape. The penalty matters because the disclosure included medical records, intimate photos, and contact details, widening the harm beyond the original misconduct probe. Police Scotland also failed to report the breach within 72 hours. The action shows how mishandling highly sensitive police records can trigger enforcement under data-protection law.
Related Happenings
ICO fine against South Staffordshire Water for data breach
Regulatory/Legal Action
First: 12.05.2026 11:30
Last: 12.05.2026 11:30
Sources 1
About this happening:
The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...
ICO fine against South Staffordshire Water for data breach
Regulatory/Legal ActionAbout this happening: The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...
Police Scotland disclosure of female officer phone contents
Data Leak
First: 12.03.2026 12:30
Last: 12.03.2026 12:30
Sources 1
How related:
The phone data – which reportedly included medical records, intimate photos and friends and family contact details – was erroneously passed to the officer under investigation.
About this happening:
**Police Scotland** exposed a female officer’s phone contents to an unauthorized colleague, leaking **medical records**, **intimate photos**, and **contact details**. The disclosu...
Police Scotland disclosure of female officer phone contents
Data LeakHow related: The phone data – which reportedly included medical records, intimate photos and friends and family contact details – was erroneously passed to the officer under investigation.
About this happening: **Police Scotland** exposed a female officer’s phone contents to an unauthorized colleague, leaking **medical records**, **intimate photos**, and **contact details**. The disclosu...
UK Information Commissioner’s Office (ICO) Issued a fine for GDPR non-compliance on Failure to use robust age verification and conduct a DPIA for children’s data
Regulatory/Legal Action
First: 25.02.2026 11:40
Last: 25.02.2026 11:40
Sources 1
About this happening:
The **ICO** fined **Reddit** **£14.47m ($19.6m)** for **GDPR non-compliance**, escalating child-data enforcement risk for online platforms that can be reached by **under-13 users*...
UK Information Commissioner’s Office (ICO) Issued a fine for GDPR non-compliance on Failure to use robust age verification and conduct a DPIA for children’s data
Regulatory/Legal ActionAbout this happening: The **ICO** fined **Reddit** **£14.47m ($19.6m)** for **GDPR non-compliance**, escalating child-data enforcement risk for online platforms that can be reached by **under-13 users*...
ICO fines Reddit for child data protection failures
Regulatory/Legal Action
First: 24.02.2026 16:54
Last: 24.02.2026 16:54
Sources 1
About this happening:
The **UK Information Commissioner's Office (ICO)** fined **Reddit** **£14.47 million** for collecting and using **children under 13**'s personal information without adequate safeg...
ICO fines Reddit for child data protection failures
Regulatory/Legal ActionAbout this happening: The **UK Information Commissioner's Office (ICO)** fined **Reddit** **£14.47 million** for collecting and using **children under 13**'s personal information without adequate safeg...
Ireland DPC opens GDPR investigation into X Grok sexual image generation
Regulatory/Legal Action
First: 17.02.2026 12:02
Last: 17.02.2026 12:02
Sources 1
About this happening:
Ireland's **Data Protection Commission (DPC)** opened a formal investigation into **X** over **Grok** being used to generate **non-consensual sexual images** of real people, inclu...
Ireland DPC opens GDPR investigation into X Grok sexual image generation
Regulatory/Legal ActionAbout this happening: Ireland's **Data Protection Commission (DPC)** opened a formal investigation into **X** over **Grok** being used to generate **non-consensual sexual images** of real people, inclu...
Timeline
-
12.03.2026 12:30 2 articles · 2mo ago
ICO fines Police Scotland over phone data disclosure
Legal Policy Action UpdateThe Information Commissioner’s Office fined Police Scotland £66,000 and reprimanded the force after finding that it shared the full contents of a female officer’s phone with a colleague she had accused of rape, including medical records, intimate photos, and family contact details. The regulator said the disclosure arose from an internal officer misconduct investigation that spanned several months in early 2021, and that Police Scotland also failed to notify it within the required 72 hours. The victim was first told about the disclosure in June 2022, later complained to the ICO, and the regulator began its investigation in May 2023.
Show sources
- Police Scotland Fined After Sharing Victim’s Phone Data — www.infosecurity-magazine.com — 12.03.2026 12:30
- Police Scotland Fined After Sharing Victim’s Phone Data — www.infosecurity-magazine.com — 12.03.2026 12:30